I have a Debian system running openswan with ipsec and xl2tp. This is configured for PSK right now. My iPhone can log on to the VPN with no problem and negotiate L2TP. None of my Windows systems can start the L2TP part. If I tail the syslog when a Windows computer tries to connect, there is no activity, even with packet debugging on and running with the -D. (The log looks normal for the phone.) When tailing the auth log, I can't see anything that stands out. I am not even sure what level of debug I should look for on the ipsec.conf to start.

The phone and the computers are using the same WIFI.

What is the key difference between IPSEC/L2TP on the iPhone and Windows?

The stuff in red is on the working system. It is omitted from the not working... That might be the iOS using high non-standard ports. I don't know.

11-04-2010

tsmarks

With parsing debug info, I also found the third from the last line in the authlog from the working system is:

kernel_alg_esp_info():........

It is missing altogether from the non-working.

11-05-2010

MikeTbob

Quote:

Originally Posted by tsmarks

With parsing debug info, I also found the third from the last line in the authlog from the working system is:

kernel_alg_esp_info():........

It is missing altogether from the non-working.

Hello and Welcome.
I just wanted to let you know that we are reading your posts, but most people, including me, have no experience with iPhones/OpenS/WAN.
Does your last statement mean that you got it working?

11-05-2010

tsmarks

No luck, yet. The iPhone works fine; it is the Windows clients that fail. Normally it is the other way...

11-05-2010

tsmarks

Not to keep bumping my own...

I tried the VPN with an OS X Leopard and it works fine. Only Windows XP, Vista and 7 fail.

11-05-2010

tsmarks

OK... Solved. I might be a bit embarrassed, but will share in case others follow.

I checked to make sure all my Windows clients had the updates required for NAT-T...<embarrassing> I did not activate the feature </embarrassing>

Articles 818043 (XP) and 926179 (Vista) explain how to configure Windows to handle a double NATed VPN.
Basically:
Add a Dword key in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec
Named:
AssumeUDPEncapsulationContextOnSendRule
and set the value to 2

I hope my stupidity will aid others.... Thanks to all who tried to help me.

Tim
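
The registry change described in the post above, as an added PowerShell example (not part of the original thread). It checks the current value before writing so it can be re-run safely. The choice of key by OS version is taken from the two Microsoft articles the post cites (818043 puts the value under Services\IPSec on XP, 926179 under Services\PolicyAgent on Vista and later) and is an assumption beyond what the post itself states.

```powershell
# Added example: audit and set the NAT-T registry value described in the post.
# Run from an elevated PowerShell prompt on the Windows client.
$name    = 'AssumeUDPEncapsulationContextOnSendRule'
$desired = 2   # value given in the post

# Assumption from the cited Microsoft articles: the value lives under
# Services\IPSec on XP (818043) and Services\PolicyAgent on Vista+ (926179).
$service = if ([Environment]::OSVersion.Version.Major -ge 6) { 'PolicyAgent' } else { 'IPSec' }
$key     = "HKLM:\SYSTEM\CurrentControlSet\Services\$service"

if (-not (Test-Path $key)) {
    throw "Registry key $key not found; check that the IPsec service is installed."
}

# Read the existing value; a missing value comes back as $null.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

if ($current -eq $desired) {
    Write-Output "$name is already $desired under $key; nothing to do."
} else {
    $shown = if ($null -eq $current) { '(not set)' } else { $current }
    Write-Output "$name is $shown under $key; setting it to $desired."
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $desired -Force | Out-Null
    Write-Output 'Restart the computer for the change to take effect.'
}
```

The setting relaxes a default that Windows ships for security reasons, so apply it only on clients that actually need to reach a VPN server behind NAT.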

11-06-2010

MikeTbob

Thanks for posting the solution, it may help someone else, you just never know. You got 102 views so far, so someone is interested. :p
I'm gonna mark it as solved.